For whatever it's worth I never found the compile-time option for tor2web mode to be offensive.
I remember Roger's original rebuttal against tor2web mode was, "Virgil, I'm not going to make a 'Make Tor Go Faster Button' to be pressed by people who don't know what they are doing." I always thought the compile-time-flag or text warning was a good compromise. -V On Friday, 8 April 2016, George Kadianakis <desnac...@riseup.net> wrote: > Tim Wilson-Brown - teor <teor2...@gmail.com <javascript:;>> writes: > > > [ text/plain ] > > Hi All, > > > > I'm working on proposal 260's Rendezvous Single Onion Services in #17178. > > > > They are faster, because they have one hop between the service and the > introduction and rendezvous points. > > But this means that their location is easy to discover (non-anonymous). > > So we want to come up with a design that makes it hard to configure a > non-anonymous service by accident. > > > > Here's a cut-down version of an email I sent to tor-onions for feedback, > for those who are on both lists: > > > > Nick's concern was that users could configure Single Onion Services > without realising that it provides no server location anonymity. > > I initially thought we could change the torrc option name to make this > clear. ... > > I now believe that trying to overload the name of a feature with > warnings about its downsides was a mistake. … > > > > This would mean that Single Onion Service operators would include in > their torrc: > > > > SingleOnionMode 1 > > HiddenServiceDir … > > ... > > > > As a separate issue, I think there are two alternative designs that can > prevent users from configuring the feature and then exposing their location > unintentionally: > > > > Tor2WebMode requires users to add a compilation option: > --enable-tor2web-mode > > We could do this with Single Onion Services as well: > --enable-single-onion-mode > > If SingleOnionMode is configured without the compilation option, tor > warns the user and refuses to start. > > When it is configured, tor warns the user they're non-anonymous, then > starts. > > However, using a compilation option makes the feature harder to test. > > And Tor2Web operators already don't like having to compile separate > binaries. > > It's likely Single Onion operators would feel similarly. > > > > Alternately, we could add a torrc option: NonAnonymousMode > > If SingleOnionMode is configured without NonAnonymousMode, tor warns the > user and refuses to start. > > When it is configured, tor warns the user they're non-anonymous, then > starts. > > > > I spoke with Nick on IRC and he's happy with either of these options. > > > > I'd like to proceed with the NonAnonymousMode torrc option, unless there > are compelling reasons against that design. > > I hope that this will allow us to get SingleOnionMode merged early in > tor 0.2.9. > > > > I think I like this approach more than complicating the torrc option name! > > Coming up with a warning message for people who forget to enable > NonAnonymousMode seems easier than trying to fit that warning message in a > torrc option name. > > _______________________________________________ > tor-dev mailing list > tor-dev@lists.torproject.org <javascript:;> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev >
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev